Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/k1hFzeEDIWgMxgtecstBXsRbC7Y.roa
File:                     k1hFzeEDIWgMxgtecstBXsRbC7Y.roa (raw, json)
Hash identifier:          cqOs39m/M5ySQWIc13z2fCg2dJg5fx0L7CNhA3z9spc=
Subject key identifier:   93:58:45:CD:E1:03:21:68:0C:C6:0B:5E:72:CB:41:5E:C4:5B:0B:B6
Certificate issuer:       /CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
Certificate serial:       018A5FEAE6C18712F6E41E6F68A689255105
Authority key identifier: 7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/k1hFzeEDIWgMxgtecstBXsRbC7Y.roa
Signing time:             Mon 04 Sep 2023 11:19:04 +0000
ROA not before:           Mon 04 Sep 2023 11:19:04 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     15731
IP address blocks:        86.107.51.0/24 maxlen: 24
                          89.43.62.0/24 maxlen: 24
                          89.34.219.0/24 maxlen: 24
                          94.177.51.0/24 maxlen: 24
                          89.47.55.0/24 maxlen: 24
                          89.35.119.0/24 maxlen: 24
                          89.35.130.0/23 maxlen: 23
                          89.35.131.0/24 maxlen: 24
                          2.57.240.0/24 maxlen: 24
                          86.107.168.0/24 maxlen: 24
                          89.34.106.0/24 maxlen: 24
                          94.177.150.0/24 maxlen: 24
                          195.88.89.0/24 maxlen: 24
                          89.47.36.0/24 maxlen: 24
                          45.88.13.0/24 maxlen: 24
                          188.214.107.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Wed 06 Sep 2023 05:45:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:5f:ea:e6:c1:87:12:f6:e4:1e:6f:68:a6:89:25:51:05
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
        Validity
            Not Before: Sep  4 11:19:04 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=935845cde10321680cc60b5e72cb415ec45b0bb6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:d5:b1:2b:d0:71:21:4b:a1:88:11:80:47:d4:
                    54:fc:e8:e5:f9:d6:8f:03:4d:48:3d:b2:3e:1e:75:
                    f6:87:a7:ab:e9:80:cf:d9:b9:dc:80:51:1b:6f:26:
                    d7:79:cc:51:b7:a3:12:1e:04:ec:f2:41:3e:de:e5:
                    49:3c:bc:d0:2a:b7:b5:9c:ea:cf:73:40:20:e1:a9:
                    b2:dd:14:df:12:c1:23:17:87:b0:56:27:2e:4f:9b:
                    ce:69:9a:9e:2e:de:af:fb:e0:46:aa:fe:37:48:a6:
                    67:a4:c8:a0:01:d1:25:3d:63:9f:de:47:5a:c3:e7:
                    31:bc:6e:63:ab:b6:d0:e2:e6:7e:12:d9:0f:8f:01:
                    b0:84:03:04:4e:e4:34:38:b0:0d:45:e5:e2:4a:83:
                    00:89:1a:4d:fc:a0:d3:29:a1:86:bf:57:d9:ba:62:
                    6b:0f:79:d8:f7:1a:b7:09:fb:2b:e1:cf:7c:93:3f:
                    7a:20:85:3f:de:94:56:d9:13:a7:59:af:ab:4d:cc:
                    25:2f:07:09:65:1b:22:ba:b6:10:8c:8e:2c:f9:8b:
                    c1:00:54:87:4d:16:48:3f:52:83:fe:8d:df:86:1c:
                    df:b8:8c:db:9d:f7:86:ee:8f:97:2f:c6:8e:6c:1a:
                    49:c5:02:96:09:20:30:f7:a6:9c:69:f1:85:37:25:
                    4d:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:58:45:CD:E1:03:21:68:0C:C6:0B:5E:72:CB:41:5E:C4:5B:0B:B6
            X509v3 Authority Key Identifier:
                keyid:7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/k1hFzeEDIWgMxgtecstBXsRbC7Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.57.240.0/24
                  45.88.13.0/24
                  86.107.51.0/24
                  86.107.168.0/24
                  89.34.106.0/24
                  89.34.219.0/24
                  89.35.119.0/24
                  89.35.130.0/23
                  89.43.62.0/24
                  89.47.36.0/24
                  89.47.55.0/24
                  94.177.51.0/24
                  94.177.150.0/24
                  188.214.107.0/24
                  195.88.89.0/24

    Signature Algorithm: sha256WithRSAEncryption
         29:b8:21:dd:3d:67:dd:bc:0f:57:10:c3:22:ca:85:ba:60:45:
         46:a7:85:7f:58:52:16:65:c1:5d:16:87:eb:0b:15:0d:1e:ee:
         58:37:3f:fc:98:5b:c6:1c:d2:a0:c4:1c:3a:c9:b2:82:03:72:
         17:f5:91:80:ff:8c:1f:63:5f:83:ed:ab:e5:05:06:32:9c:9c:
         0f:b0:ea:77:b6:0c:c8:cb:5c:37:48:c4:51:9a:04:f8:95:36:
         aa:dd:9a:ec:38:f5:1d:a5:ad:b6:ab:f3:5a:43:76:36:31:69:
         6b:db:69:7d:c8:52:65:21:d3:0b:a3:8e:c2:e8:51:a8:91:e3:
         c0:99:c1:4a:d5:a1:c1:6f:af:dd:80:63:94:02:25:f0:0e:79:
         41:fa:73:26:1a:c9:5e:c3:fb:ee:1f:a9:3f:bf:a3:dc:1c:1b:
         cf:76:64:f0:a9:7f:da:bf:85:cc:89:9a:2e:89:0d:e5:a0:72:
         27:26:6b:a3:b6:ee:2c:5e:d1:18:9a:4a:3a:04:c6:2c:0e:74:
         38:8f:d1:c6:73:57:3d:c0:47:8e:06:1e:dd:76:5a:0e:5d:e6:
         64:67:f8:93:d8:bf:d2:2a:41:f2:4c:3a:35:fd:43:ff:0b:ca:
         f2:cf:9f:f5:91:ad:0f:d3:d2:d1:16:64:79:3e:cf:56:25:56:
         fd:d1:f7:04
-----BEGIN CERTIFICATE-----
MIIFUTCCBDmgAwIBAgISAYpf6ubBhxL25B5vaKaJJVEFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkYTVkMzJkNWIwOWM5M2MxYjVlM2ZjNWEyYWEyMGQ3NDZm
Y2ZlZDEwHhcNMjMwOTA0MTExOTA0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MzU4NDVjZGUxMDMyMTY4MGNjNjBiNWU3MmNiNDE1ZWM0NWIwYmI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAttWxK9BxIUuhiBGAR9RU/Ojl+daP
A01IPbI+HnX2h6er6YDP2bncgFEbbybXecxRt6MSHgTs8kE+3uVJPLzQKre1nOrP
c0Ag4amy3RTfEsEjF4ewVicuT5vOaZqeLt6v++BGqv43SKZnpMigAdElPWOf3kda
w+cxvG5jq7bQ4uZ+EtkPjwGwhAMETuQ0OLANReXiSoMAiRpN/KDTKaGGv1fZumJr
D3nY9xq3Cfsr4c98kz96IIU/3pRW2ROnWa+rTcwlLwcJZRsiurYQjI4s+YvBAFSH
TRZIP1KD/o3fhhzfuIzbnfeG7o+XL8aObBpJxQKWCSAw96acafGFNyVNuwIDAQAB
o4ICXTCCAlkwHQYDVR0OBBYEFJNYRc3hAyFoDMYLXnLLQV7EWwu2MB8GA1UdIwQY
MBaAFH2l0y1bCck8G14/xaKqINdG/P7RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAt
ZTU4MzlmNDNlNTgzLzEvazFoRnplRURJV2dNeGd0ZWNzdEJYc1JiQzdZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAtZTU4MzlmNDNlNTgz
LzEvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHMGCCsGAQUFBwEHAQH/BGQwYjBgBAIAATBaAwQAAjnwAwQA
LVgNAwQAVmszAwQAVmuoAwQAWSJqAwQAWSLbAwQAWSN3AwQBWSOCAwQAWSs+AwQA
WS8kAwQAWS83AwQAXrEzAwQAXrGWAwQAvNZrAwQAw1hZMA0GCSqGSIb3DQEBCwUA
A4IBAQApuCHdPWfdvA9XEMMiyoW6YEVGp4V/WFIWZcFdFofrCxUNHu5YNz/8mFvG
HNKgxBw6ybKCA3IX9ZGA/4wfY1+D7avlBQYynJwPsOp3tgzIy1w3SMRRmgT4lTaq
3ZrsOPUdpa22q/NaQ3Y2MWlr22l9yFJlIdMLo47C6FGokePAmcFK1aHBb6/dgGOU
AiXwDnlB+nMmGslew/vuH6k/v6PcHBvPdmTwqX/av4XMiZouiQ3loHInJmujtu4s
XtEYmko6BMYsDnQ4j9HGc1c9wEeOBh7ddloOXeZkZ/iT2L/SKkHyTDo1/UP/C8ry
z5/1ka0P09LRFmR5Ps9WJVb90fcE
-----END CERTIFICATE-----